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Drawings 

1 . The figure 1 is objected to because text labels are necessary for the applicant's 
drawings to be understood. The applicant's drawings contain rectangular boxes whose 
meanings are unclear instead of conventional drawing symbols whose meanings are 
readily apparent, such as the circuit elements that represent resistors, capacitors, or 
inductors. Accordingly, the rectangular boxes should have text labels for clarification 
purposes. 

Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in 
reply to the Office action to avoid abandonment of the application. Any amended 
replacement drawing sheet should include all of the figures appearing on the immediate 
prior version of the sheet, even if only one figure is being amended. The figure or figure 
number of an amended drawing should not be labeled as "amended." If a drawing figure 
is to be canceled, the appropriate figure must be removed from the replacement sheet, 
and where necessary, the remaining figures must be renumbered and appropriate 
changes made to the brief description of the several views of the drawings for 
consistency. Additional replacement sheets may be necessary to show the renumbering 
of the remaining figures. Each drawing sheet submitted after the filing date of an 
application must be labeled in the top margin as either "Replacement Sheet" or "New 
Sheet" pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, 
the applicant will be notified and informed of any required corrective action in the next 
Office action. The objection to the drawings will not be held in abeyance. 
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Specification 

2. The disclosure is objected to because of the following informalities: the various 
sections of the specification are not labeled with the appropriate section heading. 
Please see MPEP 608.01 (a). Appropriate correction is required. 

Claim Objections 

3. Claim 1 is objected to because the claim is written as a European style two-part 
claim including a "characterizing" clause. Please MPEP 21 1 1 .03, for the appropriate 
transitional phrases that define the scope of a claim with respect to what unrecited 
additional components or steps, if any, are excluded from the scope of the claim. 
Appropriate correction is required. 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 29-32 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Claims 29-32 are generally narrative and indefinite, failing to conform with current 
U.S. practice. The claims are drawn toward an apparatus, however the claims describe 
the operation of an apparatus with no recitation of the structural elements that make up 
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the apparatus. For apparatus claims the claim limitations define physical structures or 
materials. See MPEP 2106 II. C. Appropriate correction is required. 

Claim Rejections - 35 USC § 101 
5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 33-35 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. Claims 33-35 recite a "computer program 
product," ... "to be used on a computer comprising a computer readable medium." The 
recitation of the intended use of the computer program product on a computer having a 
computer readable medium does not require the computer program product to be 
encoded on a computer-readable medium. Accordingly, the scope of the claims 
includes the computer program product by itself, which is function descriptive material 
and does not fall into at least one of the four statutory classes defined by 35 U.S.C. 101 . 
The computer program product, only imparts functionality when employed as a 
computer component, such as when a computer program is recorded on a computer 
readable medium. If a claim covers material not found in any of those four categories, 
then the claim falls outside the plainly expressed scope of 35 U.S.C. 101, even if the 
subject matter is otherwise new and useful. See In re Nuijten 84 USPQ2d 1495 (Fed. 
Cir. 2007) 

Claim 36 is rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. Claim 36 recites "a data signal," which 
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includes physical but transitory forms of signal transmission, such as radio broadcasts, 
electrical signals, and light pulses through fiber optic cable, that do not fall into the four 
statutory class defined by 35 U.S.C. 101 . If a claim covers material not found in any of 
those four categories, then the claim falls outside the plainly expressed scope of 35 
U.S.C. 1 01 , even if the subject matter is otherwise new and useful. See In re Nuijten 84 
USPQ2d 1495 (Fed. Cir. 2007) 

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-2, 5-9, 12-19, 22-26, and 29-36 are rejected under 35 U.S.C. 102(b) as 
being anticipated by Saito et al. ("Privacy Enhanced Access Control by SPKI"). 
Regarding Claims 1-2, 5, 12-13, and 34-35: 

Saito discloses privacy enhanced access control by simple public key 
infrastructure that associates user identifying information ("Subject Field of the SPKI 
Certificate" See pages 302-303 section II. B1.) and data ("Authorization Field of the 
SPKI Certificate" See pages 302-303) using concealing data ("Hash Function" See 
pages 302-303 section II. B1 .) to conceal a user identity in the user identifying 
information, such that it is possible to check for a given user identity whether the 
association applies to it ("Comparison against ID Certificate" See page 301 section I.). 
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Regarding Claims 6-8: 

Saito discloses an issuing agent (See figure 5 ref. no. A) receives a request for 

an association from a client (See figure 5 ref. no. C) and the issuing agent provides an 

association signed by its own secret key to the client (See pages 304-305 Section III. 

B.). 

Regarding Claim 14: 

Saito discloses the privacy enhanced access control by simple public key 
infrastructure operates in internet and electronic commerce applications (See page 301 
abstract). The examiner respectfully points out that pay per access content is available 
on the internet in electronic commerce applications. 
Regarding Claim 15: 

Saito discloses the authorization field of the SPKI Certificate has a content 
identifier ("Filel , File2" See pages 302-303 section II. B1.) 
Regarding Claim 16: 

Saito discloses the SPKI Certificate includes a rights attributes data field 
("Validity" See pages 302-303 section II. B1.). 
Regarding Claims 18-19: 

Saito discloses sending a request in relation to the data including the concealed 
user identifying information ("Exercise and Service communication between the Server 
and the Client" See figure 5 and page 305 section III. B.). 
Regarding Claims 22-25 and 33: 
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Saito discloses privacy enhanced access control by simple public key 
infrastructure that receives from a user a request concerning the data using user 
identifying information related to the user ("SPKI S' Certificate" and "SPKI A Certificate" 
See figure 5 and pages 303-305 section III.), retrieves the association including user 
identifying information that has been concealed using concealing data ("Exercise" See 
pages 304-305 section III. B.), checks the concealed user identifying information in the 
association ("Exercise" See pages 304-305 section III. B.), and provides the user with 
information related to the data based on a correspondence between the concealed user 
identifying information in the association and the user identifying information at least 
linked to the user ("Exercise" and "Service" See pages 304-305 section III. B.). 
Regarding Claim 26: 

Saito discloses comparing the user identifying information of the user against a 
user domain certificate ("SPKI S' Certificate" See figure 5 and pages 304-305 section III. 
B.) including user identifying information related to all users in a domain ("The examiner 
respectfully points out that the amount of users in a domain can be as few as one."), 
wherein the step of checking concealed user identifying information in the association 
with user identifying information is performed on user identifying information in the 
domain certificate ("SPKI S' Certificate" and "SPKI A' Certificate" See figure 5 and 
pages 304-305 section III. B.), and the step of providing is performed based on a 
correspondence between the concealed user identifying information in the association 
and any user identifying information in the domain certificate ("Secure Downloading" 
See pages 304-305 section III. B.). 
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Regarding Claim 29: 

Saito discloses device ("Issuing Agent Computer" ref. no. A) arranged to conceal 
user identifying information ("Subject Field of the SPKI Certificate" See pages 302-303 
section II. B1 .) using concealing data ("Hash Function" See pages 302-303 section II. 
B1 .) for provision of the concealed user identifying information in the association. 
Regarding Claim 30: 

Saito discloses a device ("Server" See figure 5 ref. no. S) arranged to receive a 
request ("Exercise" See pages 304-305 section III. B.) from a user concerning the data 
including user identifying information relating to the user ("SPKI A Certificate" See 
figure 5 and pages 303-305 section III.), retrieve an association between the data and a 
user including user identifying information which has been concealed using concealing 
data ("Subject Field of the SPKI Certificate" and "Authorization Field of the SPKI 
Certificate" See pages 302-303 Section II.), check the concealed user identifying 
information in the association ("The server verifies the properness of certificates," See 
pages 304-305 section III. B.), provide the user with information related to the data 
based on a correspondence between the concealed user identifying information in the 
association and user identifying information at least linked to the user ("Secure 
Downloading" See pages 304-305 section III. B.). 
Regarding Claim 31 : 

Saito discloses a device ("Client Computer" See figure 5 ref. no. C) arranged to 
receive user identifying information related to a user ("SPKI S' Certificate" and "SPKI A 
Certificate" See figure 5 and pages 303-305 section III.) that has been concealed using 
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concealing data ("Hash Function" See pages 302-303 section II. B1 .), send a request 
concerning that data including the concealed user identifying information ("Exercise" 
See figure 5 ref. no. 4 and page 305), so that an association between the user and the 
data comprising the concealed user identifying information can be received ("The server 
verifies the properness of certificates," See pages 304-305 section III. B.). 
Regarding Claim 32: 

Saito discloses a device ("Server" See figure 5 ref. no. S) arranged to receive a 
request concerning the data including the user identifying information which has been 
concealed using concealing data ("Exercise" See figure 5 ref. no. 4 and page 305), and 
provide an association between the user and the data comprising the concealed user 
identifying information ("The server verifies the properness of certificates," See pages 
304-305 section III. B.). 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 3-4, 10-11, 20-21 , 27-28 are rejected under 35 U.S.C. 1 03(a) as being 
obvious over Saito et al. ("Privacy Enhanced Access Control by SPKI") in view of 
Alldredge (US 2007.0189542). 
Regarding Claims 3 and 10-11: 
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Saito discloses the above stated privacy enhanced access control by simple 
public key infrastructure that conceals a user identity using a hash function. 

Saito does not disclose concealing a user identity using encryption. 

Alldredge discloses a cryptographic system that encrypts a users message using 
a symmetric key (See paragraph 7). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to include in the privacy enhanced access control by simple public key 
infrastructure symmetric key based encryption such as that taught by Alldredge in order 
to achieve privacy between a message sender and a message receiver (See Alldredge 
paragraph 7). 
Regarding Claim 4: 

Saito discloses the above stated privacy enhanced access control by simple 
public key infrastructure that conceals a user identity using a hash function. 

Saito does not disclose the concealing data includes a random value. 

Alldredge discloses a method for secured electronic commerce using sequences 
of one time pads for concealing transmitted messages (See paragraphs 25 and 60) 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to included in the privacy enhanced access control by simple public key 
infrastructure concealing transmitted messages using one time pads such as that taught 
by Alldredge in order to allow the privacy enhanced access control by simple public key 
infrastructure to be used internationally (See paragraph 19). 
Regarding Claims 20-21 and 27-28: 



Application/Control Number: 1 0/549,885 Page 1 1 

Art Unit: 2131 

Saito discloses the above stated privacy enhanced access control by simple 
public key infrastructure sending a request in relation to the data including the 
concealed user identifying information. 

Saito does not disclose the request includes a secret security identifier and 
encrypting the concealing data using a secret domain key. 

Alldredge discloses a cryptographic system that includes a secret security 
identifier ("Symmetric Key" See paragraphs 10 and 1 1) with a message and encrypts 
the message containing the secret security identifier using secret domain key 
("Recipient's Public Key" See paragraphs 10 and 11). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to include in the privacy enhanced access control by simple public key 
infrastructure a symmetric key system and an asymmetric key system such as those 
taught by Alldredge in order to achieve privacy between a message sender and a 
message receiver (See Alldredge paragraph 7). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to BRETT SQUIRES whose telephone number is (571) 
272-8021 . The examiner can normally be reached on 9:00am - 5:30pm Monday - 
Friday. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571 ) 272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2131 



